Remarks 



Entry of the amendments, reconsideration of the application and allowance of all pending 
claims are respectfully requested in light of the remarks below. Claims 1-9 remain pending. 

In accordance with 37 C.F.R. 1.121(d) and 37 C.F.R. 1.121(c)(l)(ii), marked-up versions 
of the amended drawing and amended claims are provided on one or more pages separate from 
the amendment. These pages are appended to the end of the response. Support for the claim 
amendments can be found throughout the application as filed, including, for example, page 8, 
lines 12-13; page 9, lines 1-4; page 11, lines 12-13; and page 4, lines 14-15. Support for claim 9 
added herewith is found in FIG. 1 and the related discussion at page 6, line 24 - page 7, line 11. 
No new matter is believed added to the application by the amendments presented. 

Substitute drawing sheet 1/3 is provided herewith containing amended FIG. 1. 
Specifically, FIG. 1 is amended to add labels for boxes 10 and 14. Based upon this amendment, 
applicant respectfully requests withdrawal of the drawings objection. 

Claim 5 was objected to under 37 CFR 1.75(c) as being of improper dependent form for 
failing to further limit the subject matter of a previous claim. Claim 5 has been rewritten as a 
dependent of claim 4 and thus, applicant requests reconsideration and withdrawal of this 
objection. 

Substantively, the Office Action rejected claims 1-8 under 35 U.S.C. 102(e) as being 
anticipated by Bapat et al. (U.S. Patent No. 6,236,996; hereinafter, "Bapat"). Applicant 
respectfully, but most strenuously, traverses this rejection to any extent deemed applicable to the 
amended claims presented herewith. 

Applicant's invention is directed to an access control technique for data that is to be used 
in common by multiple users on a network. A user is granted access to the data to be used in 
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common when access management data in an access management table is updated. This update 
of access management data occurs in response to a communication transmitted by another user 
who is authorized to grant the access to the data. This same communication includes "reference 
information" for the data to be used in common. Reference information for the data to be used in 
common is not the data, per se. Rather, it is information that is required to access the data. For 
example, a user of Lotus NOTES can create a database icon within an e-mail and send it to 
another user. The database icon provides a link to data in a database, but the icon is not the data 
itself. That is, the icon provides a way to reference the data. 

Advantageously, the present invention provides an efficient mechanism for data access 
control whereby permission to access data is granted automatically, concurrently with and in 
response to a communication transmission that includes the reference information required to 
access that data. That is, applicant's invention eliminates the conventional need for an authorized 
user or database manager to update an access management table (i.e., grant an access right) in 
advance of communicating reference information. 

Thus, in one aspect, applicant's invention comprises a computer system for controlling 
access to data to be used in common by multiple users (e.g., claim 1, as presented herewith). The 
system includes: data storage for storing the data in common; an access management table 
including access management data to control an access right to said data in common; and control 
means for automatically updating the access management data in the access management table, in 
response to, and concurrent with, transmitting a communication, in which reference information 
to the data in common is included, from a first user who is authorized to grant an access right to 
the data to a second user. The second user is granted the access right to the data pursuant to the 
automatic updating of the access management data responsive to the transmitting of the 
communication. 

With respect to the anticipation rejection of the independent claims 1 & 8, it is well 
settled that a claimed invention is not anticipated unless a single prior art reference discloses (1) 
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all the same elements of the claimed invention; (2) found in the same situation as the claimed 
invention; (3) united in the same way as the claimed invention; (4) in order to perform the 
identical function of the claimed invention. In this instance, the Bapat patent fails to disclose one 
or more elements of the claimed invention, and as a result does not anticipate applicant's 
invention. 

Bapat discloses a database access technique that restricts access to managed object 
information by using a permissions table that specifies access rights to managed objects (see Title 
and Abstract thereof). These access rights are determined by access control rules which are 
derived from an access control database that specifies users' access rights to sets of managed 
objects (see Abstract and Col. 26, lines 10-59). This is quite different from the updating of the 
access management data concurrent with the transmitting of the communication which includes 
reference information to the data to be used in common, as recited by the claims presented 
herewith. In Bapat, the access control and the permissions databases are updated as access rights 
are stored in them. These access rights are stored in the databases prior to a user access request 
being issued and processed (see, e.g., 300, FIG. 14 and 1602, 1610 & 1612 of FIG. 16A). 
Applicant notes that the user access request in Bapat includes information required to access data 
(i.e., reference information) (see, e.g., 244, FIG. 6), and Bapat is otherwise silent as to 
transmission of reference information (see FIG. 16 A, which lacks such transmissions other than 
the user access request). Thus, the aforementioned database updates in Bapat are performed prior 
to (i.e., not concurrently with) the transmission of a communication having reference information 
to data in common, as recited by the claims presented herewith. 

Further, Bapat fails to describe or suggest automatically updating access management 
data in the access management table concurrent with and in response to transmitting the 
communication that includes the reference information to the data in common, as recited in the 
claims presented herewith. In Bapat, the rules which grant access to users are stored in the access 
control database (see access control tree 170, FIG. 4 and Col. 11, lines 4-6). These rules are 
stored and updated via an Access Control Configuration procedure (210, FIG. 4), which is 
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controlled by authorized users utilizing a graphical user interface (GUI 212, FIG. 4; see Col. 1 1, 
lines 39-51). Applicant notes that the permissions table of Bapat is also populated by the access 
control rules of the access control database, which can be updated in the user-controlled way 
described above (see Col. 26, lines 53-54 and Col. 30, lines 25-37). Thus, in Bapat, the updating 
of user management data that determines access grants is done via human intervention (i.e., the 
user utilizing the GUI) rather than automatically concurrent with transmission of a 
communication from a first user to a second user, as recited by the claims presented herewith. 

Not only does Bapat fail to disclose automatically updating access management data, it 
also fails to teach or suggest such updating in response to transmitting a communication, which 
includes reference information to the data in common, from a first user who is authorized to 
grant an access right to the data in common to a second user , wherein the second user is granted 
the access right to the data pursuant to the automatic updating of the access management data. 
As described above, the updates of the access control database and the permissions database in 
Bapat (i.e., the granting of access rights) is done before a user access request is issued and 
processed (i.e., before reference information is transmitted). Since such database updates in 
Bapat occur before the reference information is transmitted, they cannot be done in response to 
transmitting the communication that includes reference information (i.e., the user access request), 
as recited by the present invention. Moreover, the user access requests in Bapat are directed to a 
database management system rather than to a second user (see user request 300 & DBMS 280, 
FIG. 14). Thus, Bapat' s reference information is not included in a communication transmitted 
from a first user to a second user , as recited by the present invention. 

In the Office Action, various sections of Bapat are cited as teaching a control means for 
updating the access management data in the access management table in response to 
communication, in which reference information to the data in common are included, from a first 
user who is authorized to grant an access right to the data to a second user. In particular, the 
Office Action cited Col. 4, lines 53-53 and Col. 8, lines 35-40 as teaching the updating of the 
access management data. As noted above, the claims as presented herewith recite automatically 
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updating the access management data, and Bapat fails to disclose in this section (and in other 
sections) such automatic updating. Col. 16, lines 55-61 were cited as disclosing "in response to 
communication." Applicant respectfully submits that this section of Bapat refers to a user 
communications interface, which is not relevant to a communication that includes reference 
information to data in common, and which is transmitted from a first user authorized to grant 
access to the data to a second user. Further, applicant submits that the sections cited as allegedly 
teaching a first user who is authorized to grant an access right to the data to a second user (i.e., 
Col. 10, lines 1 1-15; Col 16, line 62 - Col. 17, line 5; and Col. 17, lines 42-46) refer to access 
rights, but do not indicate an access right granted to a second user pursuant to the automatic 
updating of the access management data responsive to the transmitting of the communication, as 
recited by the claims presented herewith. 

Since Bapat fails to teach, or even suggest, multiple aspects of applicant's claimed 
invention, applicant respectfully requests reconsideration and withdrawal of the 102 rejection of 
the independent claims 1 & 8. The dependent claims are believed patentable for the same 
reasons as the independent claims from which they directly or ultimately depend, as well as for 
their own additional features. For example, claim 3 herein recites the computer system of claim 
1 and the specific access management data of claim 2, and further recites that the access 
management data in the access management table includes identification information for the first 
user who grants the access right to the second user. That is, the present invention allows the 
specific identification of the authorized user who approved access rights to a specific user. In 
Bapat, stored access data includes the user to whom access rights are granted, the managed object 
to which permission is granted, and type of operation associated with the access right granted 
(see FIGs. 15A & 15B; Col. 26, lines 34-40). Thus, Bapat does not include access management 
data that includes the identification of the authorized first user who grants access to the second 
user, as recited in the claims presented herewith. As another example, claim 9 recites that the 
access management table resides on a server external to the first and second users. As stated 
above, Bapat does not teach or suggest a second user to whom the communication having the 
reference information is transmitted. Since the Bapat patent is deficient in this regard, it also 
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fails to describe or suggest an access management table on a server external to the first user and 
the second user, wherein the second user receives the transmitted communication described 
above. 



In view of the above Remarks, applicant respectfully requests reconsideration and 
allowance of all pending claims. 

If the Examiner wishes to discuss this application with applicant's attorney, the Examiner 
is invited to telephone applicant's representative at the below-listed number. 



Dated: March l7, 2003 



HESLIN ROTHENBERG FARLEY & MESITI P.C. 
5 Columbia Circle 
Albany, New York 12203 
Telephone: (518) 452-5600 
Facsimile: (518) 452-5579 



Respectfully submitted, 




Kevin P. Radigan 
Attorney for Applicant^ 
Registration No. 3 1 ,789 
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Version with markings to show changes made 

In the Drawings: 

Attached on a separate paper are the proposed drawing changes to FIG. 1, which are 
circled in red for the Examiner's approval. Upon approval by the Examiner, a complete set of 
formal drawings in compliance with §1.84 will be filed. 

In the Claims: 

Claims 1 & 3-8 have been amended and claim 9 has been added as set forth below. 

1 . (AMENDED) A computer system for controlling access to data to be used in 
common by multiple users, comprising: 

data storage for storing said data in common; 

an access management table including access management data to control an 
access right to said data in common; and 

control means for automatically updating said access management data in said 
access management table, concurrent with and in response to transmitting a 
communication, in which reference information to said data in common are included, 
from a first user who is authorized to grant an access right to said data to a second user A 
wherein the second user is granted the access right to said data pursuant to the automatic 
updating of said access management data responsive to the transmitting of the 
communication. 
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3. (AMENDED) The computer system according to claim 2, wherein said access 
management data in said access management table includes identification information for said 
first user who grants the access right to the second user . 

4. (AMENDED) The computer system according to claim 3, wherein said control 
means automatically updates said access management data in response to a command that is 
automatically issued during said transmitting of the communication. 

5. (AMENDED) The computer system according to claim 4, further comprising [A 
communication system comprising: 

the computer system according to claim 4; and] 

a plurality of user terminals for communicating with said computer system. 

6. (AMENDED) The computer system according to claim 2, wherein said control 
means automatically updates said access management data in response to a command that is 
automatically issued during said transmitting of the communication. 

7. (AMENDED) The computer system according to claim 1, wherein said control 
means automatically updates said access management data in response to a command that is 
automatically issued during said transmitting of the communication. 

8. (AMENDED) A communication system comprising: 

a computer system for controlling access to data to be used in common by 
multiple users, comprising: 

data storage for storing said data in common; 
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an access management table including access management data to control an 
access right to said data in common; and 

control means for automatically updating said access management data in said 
access management table, concurrent with and in response to transmitting a 
communication, in which reference information to said data in common are included, 
from a first user who is authorized to grant an access right to said data to a second user, 
wherein the second user is granted the access right to said data pursuant to the automatic 
updating of said access management data responsive to the transmitting of the 
communication .; and 

a plurality of user terminals for communicating with said computer system. 

9. (NEW) The computer system according to claim L wherein said access 
management table resides on a server external to the first user and the second user. 



JA999745 



-13- 



JA9 - 99 - 745 
1/3 



^ ... 

7TI ^ ^3 



12- 



Data 



-14 



-10 



Controller 


is 







^User 




16 



User B 1 ♦ ♦ ♦ 



Fig. 1 



